On Mon, Aug 02, 2004, Alicia da Conceicao wrote: > Hi Steve: > > > Its not ASN1 because the OpenSSL ASN1 code isn't fully streaming and to do so > > would be a massive undertaking which has so far not attracted any interest. > > The data following the salt is the raw encrypted data using standard block > > padding. This isn't conformant with any public standard. > > Thank you for clearing things up for me regarding "openssl enc" encoding > format. :-) > > But now that you mentioned it, I would have to say that it would be more > than a massive undertaking to use DER encoding for "openssl enc" streaming, > it would be impossible, since DER encoding always puts an object's length > before an object's contents. You would first need to dump the entire > stream contents into a temporary location before you can obtain and DER > encode the stream length, and to do so would not qualify as streaming > since nothing comes out until everything is put in. >
It is of course possible if a file is streamed because its length is then available. I said "ASN1" not "DER". It is perfectly feasible to use BER for streaming ASN1, in fact I've some prototype code that can encode such a stream for S/MIME use. The decode side is harder to handle and the only solution I've found that isn't horrendously complex involves various evil hacks which I'm not happy with. That however is partial streaming which handles some structures as a special case. Full streaming which would allow any ASN1 structure to be streamed is much harder and probably not worth it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
